IN THE CLAIMS

This listing of claims will replace all prior versions and listings of claims in the 
Application: 

LISTING OF CLAIMS: 

1. (Original) A method of blocking attacks on a computer network, comprising:

receiving original packets and corresponding retransmit packets from a
network, wherein:

each said original packet and corresponding retransmit packet
belong to a flow; and

each said original packet and corresponding retransmit packet
has a plurality of non-mutable field values;

hashing said non-mutable field values of each said original packet to
produce a validation signature of each said original packet;

storing said validation signatures;

hashing said non-mutable field values of each said corresponding
retransmit packet to produce a test signature of each said
corresponding retransmit packet;

comparing said validation signature to said test signature; and

if said test signature and said validation signature are not identical,
terminating said flow.

2. (Original) The method of Claim 1, wherein said storing comprises retaining
said validation signatures for a limited time.

3. (Original) The method of Claim 1, wherein said hashing comprises computing
a checksum from said non-mutable field values.

4. (Original) The method of Claim 1, wherein said hashing comprises computing
a hash value from said non-mutable field values.

5. (Original) The method of Claim 1, wherein said hashing comprises computing
a strong hash value from said non-mutable field values.

6. (Original) The method of Claim 1, wherein said hashing comprises computing
a cryptographically secure hash value from said non-mutable field values.

7. (Original) The method of Claim 1, wherein said hashing comprises computing
a LFSR checksum value using an internal state indicator and said non-mutable
field values.

8. (Original) The method of Claim 1, wherein said hashing comprises computing
a hash value using a secret number.
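
Added example, not part of the claims or of the application: a minimal Python sketch of the method of Claims 1, 2 and 8, showing a keyed hash over non-mutable fields, time-limited storage of validation signatures, and flow termination on a mismatching retransmit. The names Segment, FlowCache and signature, the choice of hashed fields, HMAC-SHA-256 as the keyed hash, and the 30-second retention are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

SECRET = os.urandom(32)      # "secret number" of Claim 8; assumed random per device
RETENTION_SECONDS = 30.0     # "limited time" of Claim 2; the value is an assumption


@dataclass(frozen=True)
class Segment:
    """Constructed, simplified TCP segment; the field selection is an assumption."""
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    payload: bytes
    ttl: int = 64            # changes in transit, so it is deliberately not hashed


def signature(seg: Segment, secret: bytes = SECRET) -> bytes:
    """Keyed hash over fields a genuine retransmission leaves unchanged."""
    fixed = struct.pack("!HHII", seg.sport, seg.dport, seg.seq, len(seg.payload))
    header = f"{seg.src}|{seg.dst}|".encode() + fixed
    return hmac.new(secret, header + seg.payload, hashlib.sha256).digest()


class FlowCache:
    def __init__(self, retention: float = RETENTION_SECONDS):
        self.retention = retention
        self.signatures = {}     # (flow, seq) -> (validation signature, stored_at)
        self.terminated = set()  # flows already terminated

    def inspect(self, seg: Segment, now: float) -> str:
        flow = (seg.src, seg.dst, seg.sport, seg.dport)
        if flow in self.terminated:
            return "drop"
        key = (flow, seg.seq)
        test = signature(seg)
        stored = self.signatures.get(key)
        if stored is None or now - stored[1] > self.retention:
            self.signatures[key] = (test, now)   # original packet: store signature
            return "forward"
        if hmac.compare_digest(stored[0], test):
            return "forward"                     # retransmit matches the original
        self.terminated.add(flow)                # mismatch: terminate the flow
        return "terminate"
```

Because an expired entry is treated as a new original packet, the retention period bounds how late a mismatching retransmit can still be detected.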

9. (Currently Amended) A method of blocking attacks on a computer network, 
comprising: 

generating a validation signature of an original packet by hashing a 
plurality of non-mutable field values of said original packet:

generating a test signature of a retransmit packet, by hashing a plurality of 
non-mutable field values of said retransmit packet, said retransmit 
packet being a retransmission of said original packet with a flow of 
packets; and 

comparing said test signature to said validation signature to determine 
whether to terminate said flow of packets. 

10. (Original) An apparatus for blocking attacks on a computer network,
comprising:

means for receiving original packets and corresponding retransmit packets
from a network, wherein:

each said original packet and corresponding retransmit packet
belong to a flow; and

each said original packet and corresponding retransmit packet
has a plurality of non-mutable field values;

first means for hashing said non-mutable field values of each said original
packet to produce a validation signature of each said original packet;

means for storing said validation signatures;

second means for hashing said non-mutable field values of each said
corresponding retransmit packet to produce a test signature of each
said corresponding retransmit packet, wherein said first means for
hashing and said second means for hashing employ the same hashing
algorithm;

means for comparing said validation signature to said test signature; and

means for terminating said flow if said test signature and said validation
signature are not identical.

11. (Original) The apparatus of Claim 10, wherein said means for storing
comprises means for retaining said validation signatures for a limited time. 

12. (Original) The apparatus of Claim 10, wherein said first means for hashing 
and said second means for hashing each comprise means for computing a 
checksum from said non-mutable field values. 

13. (Original) The apparatus of Claim 10, wherein said first means for hashing 
and said second means for hashing each comprise means for computing a hash 
value from said non-mutable field values. 

14. (Original) The apparatus of Claim 10, wherein said first means for hashing
and said second means for hashing each comprise means for computing a 
strong hash value from said non-mutable field values. 

15. (Original) The apparatus of Claim 10, wherein said first means for hashing 
and said second means for hashing each comprise means for computing a 
cryptographically secure hash value from said non-mutable field values. 

16. (Original) The apparatus of Claim 10, wherein said first means for hashing 
and said second means for hashing each comprise means for computing a LFSR 
checksum value using an internal state indicator and said non-mutable field 
values. 

17. (Original) The apparatus of Claim 10, wherein said first means for hashing 
and said second means for hashing each comprise means for computing a hash 
value using a secret number. 

18. (Original) An apparatus for blocking attacks on a computer network,
comprising:

a packet hashing device configured to receive original packets and
corresponding retransmit packets from a network, wherein:

each said original packet and corresponding retransmit packet
belong to a flow;

each said original packet and corresponding retransmit packet
has a plurality of non-mutable field values; and

said packet hashing device employing a packet hashing
algorithm to hash said non-mutable field values of each said
original packet to produce a validation signature of each said
original packet and to hash said non-mutable field values of
each said corresponding retransmit packet to produce a test
signature of each said corresponding retransmit packet;

a flow cache connected to said packet hashing device and configured to
store said validation signatures;

a comparator operably connected to said flow cache configured to
compare said validation signature to said test signature and having an
output; and

a flow terminator receiving said output of said comparator and configured
to terminate said flow if said output indicates that said test signature
and said validation signature are not identical.

19. (Original) The apparatus of Claim 18, wherein said flow cache comprises
means for retaining said validation signatures for a limited time. 

20. (Original) The apparatus of Claim 18, wherein said packet hashing device 
comprises means for computing a checksum from said non-mutable field values. 

21. (Original) The apparatus of Claim 18, wherein said packet hashing device
comprises means for computing a hash value from said non-mutable field values. 

22. (Original) The apparatus of Claim 18, wherein said packet hashing device 
comprises means for computing a strong hash value from said non-mutable field 
values. 

23. (Original) The apparatus of Claim 18, wherein said packet hashing device 
comprises means for computing a cryptographically secure hash value from said 
non-mutable field values. 

24. (Original) The apparatus of Claim 18, wherein said packet hashing device
comprises means for computing a LFSR checksum value using an internal state 
indicator and said non-mutable field values. 

25. (Original) The apparatus of Claim 18, wherein said packet hashing device 
comprises means for computing a hash value using a secret number. 

26. (Original) A computer system for use in blocking attacks on a computer
network, comprising computer instructions for:

receiving original packets and corresponding retransmit packets from a
network, wherein:

each said original packet and corresponding retransmit packet
belong to a flow; and

each said original packet and corresponding retransmit packet
has a plurality of non-mutable field values;

hashing said non-mutable field values of each said original packet to
produce a validation signature of each said original packet;

storing said validation signatures;

hashing said non-mutable field values of each said corresponding
retransmit packet to produce a test signature of each said
corresponding retransmit packet;

comparing said validation signature to said test signature; and

if said test signature and said validation signature are not identical,
terminating said flow.

27. (Original) The computer system of Claim 26, wherein said computer 
instructions for storing further comprise computer instructions for retaining said 
validation signatures for a limited time. 

28. (Original) The computer system of Claim 26, wherein said computer
instructions for hashing further comprise computer instructions for computing a 
checksum from said non-mutable field values. 

29. (Original) The computer system of Claim 26, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
hash value from said non-mutable field values. 

30. (Original) The computer system of Claim 26, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
strong hash value from said non-mutable field values. 

31. (Original) The computer system of Claim 26, wherein said computer
instructions for hashing further comprise computer instructions for computing a 
cryptographically secure hash value from said non-mutable field values. 

32. (Original) The computer system of Claim 26, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
LFSR checksum value using an internal state indicator and said non-mutable 
field values. 

33. (Original) The computer system of Claim 26, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
hash value using a secret number. 

34. (Original) A computer-readable medium storing a computer program
executable by a plurality of server computers, the computer program comprising
computer instructions for:

receiving original packets and corresponding retransmit packets from a
network, wherein:

each said original packet and corresponding retransmit packet
belong to a flow; and

each said original packet and corresponding retransmit packet
has a plurality of non-mutable field values;

hashing said non-mutable field values of each said original packet to
produce a validation signature of each said original packet;

storing said validation signatures;

hashing said non-mutable field values of each said corresponding
retransmit packet to produce a test signature of each said
corresponding retransmit packet;

comparing said validation signature to said test signature; and

if said test signature and said validation signature are not identical,
terminating said flow.

35. (Original) The computer-readable medium of Claim 34, wherein said 
computer instructions for storing further comprise computer instructions for 
retaining said validation signatures for a limited time. 

36. (Original) The computer-readable medium of Claim 34, wherein said 
computer instructions for hashing further comprise computer instructions for 
computing a checksum from said non-mutable field values. 

37. (Original) The computer-readable medium of Claim 34, wherein said 
computer instructions for hashing further comprise computer instructions for 
computing a hash value from said non-mutable field values. 

38. (Original) The computer-readable medium of Claim 34, wherein said 
computer instructions for hashing further comprise computer instructions for 
computing a strong hash value from said non-mutable field values. 

39. (Original) The computer-readable medium of Claim 34, wherein said
computer instructions for hashing further comprise computer instructions for 
computing a cryptographically secure hash value from said non-mutable field 
values. 

40. (Original) The computer-readable medium of Claim 34, wherein said 
computer instructions for hashing further comprise computer instructions for 
computing a LFSR checksum value using an internal state indicator and said 
non-mutable field values. 

41. (Original) The computer-readable medium of Claim 34, wherein said
computer instructions for hashing further comprise computer instructions for 
computing a hash value using a secret number. 

42. (Original) A computer data signal embodied in a carrier wave, comprising
computer instructions for:

receiving original packets and corresponding retransmit packets from a
network, wherein:

each said original packet and corresponding retransmit packet
belong to a flow; and

each said original packet and corresponding retransmit packet
has a plurality of non-mutable field values;

hashing said non-mutable field values of each said original packet to
produce a validation signature of each said original packet;

storing said validation signatures;

hashing said non-mutable field values of each said corresponding
retransmit packet to produce a test signature of each said
corresponding retransmit packet;

comparing said validation signature to said test signature; and

if said test signature and said validation signature are not identical,
terminating said flow.

43. (Original) The computer data signal of Claim 42, wherein said computer 
instructions storing further comprise computer instructions for retaining said 
validation signatures for a limited time. 

44. (Original) The computer data signal of Claim 42, wherein computer 
instructions for hashing further comprise computer instructions for computing a 
checksum from said non-mutable field values. 

45. (Original) The computer data signal of Claim 42, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
hash value from said non-mutable field values. 

46. (Original) The computer data signal of Claim 42, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
strong hash value from said non-mutable field values. 

47. (Original) The computer data signal of Claim 42, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
cryptographically secure hash value from said non-mutable field values. 

48. (Original) The computer data signal of Claim 42, wherein said computer 
instructions for hashing further comprise computer instructions for computing a 
LFSR checksum value using an internal state indicator and said non-mutable 
field values. 

49. (Original) The computer data signal of Claim 42, wherein said computer
instructions for hashing further comprise computer instructions for computing a 
hash value using a secret number. 

50. (New) The method of claim 1 wherein: 

receiving original packets and corresponding retransmit packets from a 
network includes receiving original packets and corresponding 
retransmit packets from a first network host on an unprotected network 
across a first network connection; and 
the method further comprises: 

if said test signature and said validation signature are identical, 
forwarding said corresponding retransmit packet to a second 
network host on a protected network across a second 
network connection, the first and second network hosts 
being distinct. 

51. (New) The apparatus of claim 18 wherein the apparatus further
comprises: 

a first network interface for receiving said original packets and 
corresponding retransmit packets from a first network host on an 
unprotected network; and 
a second interface for: 

transmitting said original packets to a second network host on a 
protected network, the first and second network hosts being 
distinct; and 

transmitting said corresponding retransmit packets to the 
second network host if said output indicates that said test 
signature and said validation signature are identical. 



